b'Audit of FDIC\xe2\x80\x99s Personnel Security Program\n\n(Report No. 04-016, March 16, 2004)\n\nSummary\n\nThis report presents the results of a review by International Business Machines (IBM) Business\nConsulting Services (hereafter referred to as IBM), an independent professional services firm\nengaged by the Office of Inspector General (OIG) to support its efforts to satisfy reporting\nrequirements related to the Federal Information Security Management Act of 2002.\n\nThe objective of the review was to determine whether the FDIC has established and implemented\neffective controls over its personnel security program. The scope of the review focused on\nFDIC\xe2\x80\x99s personnel security program for employees. Audit work relating to FDIC\xe2\x80\x99s personnel\nsecurity program for contractors was limited to gaining an understanding of the program.\nIBM concluded that the FDIC\xe2\x80\x99s Division of Administration (DOA) has made improvements in\nthe Corporation\xe2\x80\x99s personnel security program, but additiona l work is needed to strengthen\ncontrols over data used to manage the program.\n\nRecommendations\n\nIBM made multiple recommendations to the Director, DOA, to improve the accuracy of the data\nused to manage the FDIC\xe2\x80\x99s personnel security program.\n\nManagement Response\n\nDOA\xe2\x80\x99s response adequately addressed all the conditions discussed in the report.\n\nThis report addresses issues associated with information security. Accordingly, we have\nnot made, nor do we intend to make, public release of the specific contents of the report.\n\x0c'